Java SE 6u20

Oracle Patch Ormandy's Security Vulnerability

Oracle have released a patch for Java SE 6, which rectifies the vulnerability in Java Web Start.

The vulnerability was first identified by Tavis Ormandy, who filed a proof of concept earlier this week. A few days afterwards, AVG Technologies reported they had identified an attack server that was exploiting this vulnerability.

This patch, prevents a Java Network Launch Protocol file without a codebase parameter from working. It can be downloaded now.

Jessica Thornsby

What do you think?

JAX Magazine - 2014 - 03 Exclucively for iPad users JAX Magazine on Android

Comments

Latest opinions